Mededeling

**Emphyrio** · 17-07-13, 13:19

Hoi leifoet ,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Stap 1:

Malware scannen en verwijderen....

Download MalwareBytes' Anti-Malware naar je bureaublad vanuit één van de volgende links:

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga naar het tabblad "Updates" en Update MBAM.
Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Bij problemen!!!

___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Beveiligingssoftware uitschakelen.

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner en klik op Verwijderen
Klik bij AdwCleaner – Information op OK
Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.
(Desnoods in meerdere postingen.)

Emphyrio

**leifoet** · 18-07-13, 02:18

Windows 7 Update e.a. werken niet meer

Beste Emphyrio,

Hierna tref je de gevraagde logbestanden.

Stap 1
Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes Cyber Security for Home & Business | Anti-Malware

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with Malwarebytes cyber security solutions.

Databaseversie: v2013.07.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
DRTR :: DRTR [administrator]

17/07/2013 16:23:42
mbam-log-2013-07-17 (16-23-42).txt

Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 362342
Verstreken tijd: 55 minuut/minuten, 50 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

Stap 2
# AdwCleaner v2.305 - Verslag gemaakt op 18/07/2013 om 02:30:20
# Geactualiseerd op 11/07/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : DRTR - DRTR
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\DRTR\Desktop\adwcleaner.exe
# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

Map Verwijderd : C:\Program Files (x86)\sweetpacks bundle uninstaller

***** [Register] *****

Sleutel Verwijderd : HKCU\Software\Softonic
Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar

***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[S1].txt - [781 octets] - [18/07/2013 02:30:20]

########## EOF - C:\AdwCleaner[S1].txt - [840 octets] ##########

Stap 3
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by DRTR at 2:48:03 on 2013-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2749 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.e xe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\pnusbvirtualhubwssrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
C:\Windows\SysWOW64\PNUSBCLITRAY.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\SysWOW64\PNTray.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uWindow Title = Telenet Internet
uDefault_Page_URL = hxxp://www.telenet.be
mStart Page = hxxp://www.telenet.be
mWindow Title = Telenet Internet
mDefault_Page_URL = hxxp://www.telenet.be
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
mRun: [pnusbclitray] pnusbclitray.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://goto.monica.be/vdesk/terminal/InstallerControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://goto.monica.be/vdesk/terminal/urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\75966496F51354 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\7796669643 : DHCPNameServer = 195.130.137.2 195.130.132.103
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\84A5A5 : DHCPNameServer = 195.130.131.3 195.130.130.131
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-24 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);C:\Windows\System32\drivers\NEOFLTR_710_19243.SYS [2012-7-27 99152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-24 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 pnpnptool;Quest RDP PnP Driver;C:\Windows\System32\drivers\pnpnptool.sys [2010-7-18 50760]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\System32\pnusbvirtualhubwssrv.exe [2010-7-18 501064]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-12-24 23912]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-24 5435904]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-12-24 69152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2009-10-10 41232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2010-2-16 44672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-24 172704]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-4-15 18448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 pnusbd;Quest RDP USB Driver;C:\Windows\System32\drivers\pnusbd.sys [2010-7-18 37320]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-24 215040]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-31 1255736]
.
=============== Created Last 30 ================
.
2013-07-17 10:34:16 35792 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-07-17 10:34:10 27088 ----a-w- C:\Windows\System32\authuitu.dll
2013-07-17 10:34:08 22480 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-07-17 10:33:33 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG
2013-07-17 10:33:01 -------- d-----w- C:\ProgramData\AVG
2013-07-17 10:29:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iTunes
2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iPod
2013-07-17 10:29:28 -------- d-----w- C:\Program Files (x86)\iTunes
2013-07-17 10:29:04 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-17 10:20:57 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG2013
2013-07-17 10:18:04 -------- d-----w- C:\Users\DRTR\AppData\Roaming\TuneUp Software
2013-07-17 10:16:50 -------- d--h--w- C:\$AVG
2013-07-17 10:16:50 -------- d-----w- C:\ProgramData\AVG2013
2013-07-17 10:15:17 -------- d-----w- C:\Program Files (x86)\AVG
2013-07-17 10:12:42 -------- d--h--w- C:\ProgramData\Common Files
2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\MFAData
2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\Avg2013
2013-07-17 10:12:42 -------- d-----w- C:\ProgramData\MFAData
2013-07-13 17:31:04 -------- d-----w- C:\ProgramData\F-Secure
2013-07-11 10:33:54 -------- d-----w- C:\Users\DRTR\AppData\Local\ElevatedDiagnostics
2013-06-26 06:24:18 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
2013-06-24 16:18:55 -------- d-----w- C:\Users\DRTR\AppData\Local\{6EE54F6F-E5BA-4F0D-AC55-72D096FA29B2}
2013-06-22 18:39:46 -------- d-----w- C:\OutputFolder
2013-06-22 18:39:45 -------- d-----w- C:\Users\DRTR\AppData\Roaming\Digiarty
2013-06-22 18:32:17 -------- d-----w- C:\Users\DRTR\AppData\Local\MacGo
2013-06-20 17:23:13 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
.
==================== Find3M ====================
.
2013-06-27 14:59:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 14:59:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 2:48:43,61 ===============

Stap 4
Results of screen317's Security Check version 0.99.69
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AVG PC TuneUp
AVG PC TuneUp Language Pack (nl-NL)
AVG PC TuneUp
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Google Chrome 22.0.1229.95
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Dank voor verdere check en oplossing 'update'.
Leifoet

**Emphyrio** · 19-07-13, 05:08

Java(TM) 6 Update 24 mag je verwijderen van je pc via Programmas en onderdelen.

Download TFC en sla deze op je Bureaublad op.

Dubbelklik op TFC.exe om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten.
Als het programma klaar is, dan zal het je computer opnieuw opstarten.
Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

_____________________________________________________________

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

Emphyrio

**leifoet** · 20-07-13, 09:04

Beste Emphyrio,

Probleempjes

1. Kan Java(TM) 6 Update 24 (technisch) niet verwijderen => errorbericht : vindt blijkbaar de locatie niet
2. Uitvoering van Combofix (cursor was ca 1u blijven knipperen na 'Voltooid Deel_48' - dan toch prog afgewerkt na ca 1u30) - zie logfile hierna
=> AVG was uitgeschakeld voor 10' (beetje weinig blijkbaar)
=> Kon Microsoft Security Essentials (technisch) niet uitschakelen en kan er niets aan wijzigen (error - initieel probleem samen met 'updates')
3. Kan nu explorer niet meer opstarten - krijg volgend foutbericht :
C:\Program Files (x86)\Internet Explorer\iexplore.exe - Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die gemarkeerd is voor verwijdering.
Bij nader toezicht kan ik o.a. geen enkel programma van jouw checklist nog openen - dus ook niet het (op het bureaublad) opgeslagen DDS.com - Steeds dezelfde boodschap 'Er is geprobeerd...'
(Zie inderdaad in de logfile een aantal (teveel ?) 'grendels')

(Combofix-logfile verstuurd in nieuwe post - teveel tekens)

Quid vervolg ?
Met dank voor assistentie - Leifoet

**leifoet** · 20-07-13, 10:22

Beste Emphyrio,

Hierna tref je noodgedwongen voorlopig enkel de Combofix-log - deel 1

ComboFix 13-07-18.04 - DRTR 20/07/2013 9:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2878 [GMT 2:00]
Gestart vanuit: c:\users\DRTR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ldsw_0paos.pad
c:\windows\animbigN.bmp
c:\windows\animsmalN.bmp
c:\windows\SysWow64\rnaph.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-20 to 2013-07-20 ))))))))))))))))))))))))))))))
.
.
2013-07-17 10:34 . 2012-12-14 09:42 35792 ----a-w- c:\windows\system32\TURegOpt.exe
2013-07-17 10:34 . 2012-12-14 09:42 27088 ----a-w- c:\windows\system32\authuitu.dll
2013-07-17 10:34 . 2012-12-14 09:42 22480 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-07-17 10:33 . 2013-07-17 10:33 -------- d-----w- c:\users\DRTR\AppData\Roaming\AVG
2013-07-17 10:33 . 2013-07-17 10:34 -------- d-----w- c:\programdata\AVG
2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\program files\iTunes
2013-07-17 10:29 . 2013-07-17 10:30 -------- d-----w- c:\program files (x86)\iTunes
2013-07-17 10:29 . 2013-07-17 10:29 -------- d-----w- c:\program files\iPod
2013-07-17 10:29 . 2013-07-17 10:29 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-17 10:18 . 2013-07-17 10:18 -------- d-----w- c:\users\DRTR\AppData\Roaming\TuneUp Software
2013-07-17 10:16 . 2013-07-17 10:16 -------- d-----w- C:\$AVG
2013-07-17 10:15 . 2013-07-17 10:33 -------- d-----w- c:\program files (x86)\AVG
2013-07-17 10:12 . 2013-07-20 08:17 -------- d-----w- c:\programdata\MFAData
2013-07-17 10:12 . 2013-07-17 10:51 -------- d-----w- c:\users\DRTR\AppData\Local\Avg2013
2013-07-17 10:12 . 2013-07-17 10:12 -------- d--h--w- c:\programdata\Common Files
2013-07-17 10:12 . 2013-07-17 10:12 -------- d-----w- c:\users\DRTR\AppData\Local\MFAData
2013-07-13 17:31 . 2013-07-17 11:26 -------- d-----w- c:\programdata\F-Secure
2013-07-11 10:33 . 2013-07-11 10:33 -------- d-----w- c:\users\DRTR\AppData\Local\ElevatedDiagnostics
2013-07-11 09:39 . 2013-07-11 09:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-26 06:24 . 2013-06-26 06:24 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
2013-06-22 18:39 . 2013-06-22 18:39 -------- d-----w- C:\OutputFolder
2013-06-22 18:39 . 2013-06-22 18:39 -------- d-----w- c:\users\DRTR\AppData\Roaming\Digiarty
2013-06-22 18:32 . 2013-06-23 13:04 -------- d-----w- c:\users\DRTR\AppData\Local\MacGo
2013-06-20 17:23 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 14:59 . 2013-02-12 08:40 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-27 14:59 . 2011-08-19 18:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-13 06:37 . 2011-10-16 18:41 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-10 09:33 . 2012-06-24 09:34 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys
[-] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys
[-] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys
.
[-] 2010-11-20 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[-] 2010-11-20 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\system32\drivers\tdx.sys
.
[-] 2010-11-20 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll
[-] 2010-11-20 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll
.
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[-] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\system32\lsass.exe
.
[-] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll
[-] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\system32\netman.dll
.
[-] 2010-11-20 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[-] 2010-11-20 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\system32\qmgr.dll
.
[-] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
[-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[-] 2010-11-20 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[-] 2010-11-20 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[-] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2010-11-20 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[-] 2010-11-20 . 7FBFAA84FE176D9AE932ABC585AB68D5 . 51200 . . [7.5.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuauclt.exe
[-] 2010-11-20 . 7FBFAA84FE176D9AE932ABC585AB68D5 . 51200 . . [7.5.7601.17514] .. c:\windows\system32\wuauclt.exe
.
[-] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll
[-] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
[-] 2010-11-20 . 7FA8FDC2C2A27817FD0F624E78D3B50C . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
[-] 2010-11-20 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[-] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll
[-] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[-] 2010-11-20 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[-] 2010-11-20 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[-] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[-] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
.
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[-] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[-] 2010-11-20 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll
[-] 2010-11-20 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\system32\usp10.dll
.
[-] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[-] 2011-07-16 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[-] 2011-05-14 . 0E1B2E16235AA7F89F064EE75DFC905E . 1162752 . . [6.1.7601.17617] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[-] 2011-05-14 . 6743E8705A96FCBF71279B5AE2CCFDBC . 1163264 . . [6.1.7601.21728] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_f266ba9d860d312d\kernel32.dll
[-] 2010-11-20 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[-] 2011-07-16 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7600.16385] .. c:\windows\system32\kernel32.dll
.
[-] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll
[-] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
.
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[-] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\system32\lpk.dll
.
[-] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll
[-] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll
.
[-] 2011-10-04 . B721EFCC393D76390A319A8A30B1B654 . 17782272 . . [9.00.8112.16434] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_87d981cff4d2a5bd\mshtml.dll
[-] 2010-06-30 . E16D240876BAD97B05DCAD346AC734F6 . 9295360 . . [8.00.7600.20745] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_8aa72da7cbd9a1bb\mshtml.dll
[-] 2010-06-30 . 74DA18BB61FE98FC002866F032329265 . 9298432 . . [8.00.7600.16625] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_8a3330b4b2abca0f\mshtml.dll
[-] 2011-10-04 . B721EFCC393D76390A319A8A30B1B654 . 17782272 . . [9.00.8112.16421] .. c:\windows\system32\mshtml.dll
.
[-] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
[-] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\system32\msvcrt.dll
.
[-] 2010-11-20 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[-] 2010-11-20 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
.
[-] 2010-11-20 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[-] 2010-11-20 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll
.
[-] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll
[-] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
.
[-] 2010-11-20 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[-] 2010-11-20 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
.
[-] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll
[-] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
.
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[-] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[-] 2010-11-20 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll
[-] 2010-11-20 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
.
[-] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2010-11-20 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[-] 2010-11-20 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[-] 2011-10-04 . 0732B49B250E306F7A6591029AF9885B . 1389056 . . [9.00.8112.16434] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_767f62b1747c3c87\wininet.dll
[-] 2011-06-21 . 1A36497983C867FB85FF1DCD4933015F . 1188864 . . [8.00.7601.17638] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_7ab7a35a2f812f09\wininet.dll
[-] 2011-06-21 . 6ABD901E178675DFE86CCE75F2FAC9A5 . 1189376 . . [8.00.7601.21754] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_7b279f2548b2a159\wininet.dll
[-] 2011-04-22 . 2DCA688631F71722B0B5E57F526BB2EB . 1188864 . . [8.00.7601.17601] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_7ad111182f6f29d5\wininet.dll
[-] 2011-04-22 . BC661E59AE2BC840C6D8165F170DE7DE . 1189376 . . [8.00.7601.21710] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_7b4eddad4895cc39\wininet.dll
[-] 2011-03-07 . AB026A724960570803E90DC370893BD0 . 1188864 . . [8.00.7601.17573] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_7a8760522fa622f3\wininet.dll
[-] 2011-03-07 . 93679DC9407BFC602D7E6BFC027455E0 . 1189376 . . [8.00.7601.21676] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_7b13fdfb48c10ec2\wininet.dll
[-] 2010-11-20 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[-] 2010-06-30 . DBC6EC40DDEDF875C0576CF2C0CAF9C3 . 1196544 . . [8.00.7600.20745] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_794d0e894b833885\wininet.dll
[-] 2010-06-30 . 3DEB428ACD3D4DECD1619C24E4628DD2 . 1192960 . . [8.00.7600.16625] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_78d91196325560d9\wininet.dll
[-] 2011-10-04 . 0732B49B250E306F7A6591029AF9885B . 1389056 . . [9.00.8112.16434] .. c:\windows\system32\wininet.dll
.
[-] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[-] 2010-11-20 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[-] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[-] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[-] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll
[-] 2010-11-20 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[-] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[-] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[-] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[-] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[-] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll
[-] 2010-11-20 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[-] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[-] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[-] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll
[-] 2010-11-20 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[-] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[-] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[-] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[-] 2010-11-20 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[-] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[-] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll
[-] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\system32\msimg32.dll
.
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[-] 2010-11-20 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[-] 2010-11-20 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
[-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[-] 2010-11-20 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[-] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[-] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[-] 2010-11-20 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
.
[-] 2011-07-16 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[-] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\SysWOW64\kernel32.dll
[-] 2011-07-16 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[-] 2011-05-14 . CC5CBC069944E7EA70D8674478A70A37 . 837632 . . [6.1.7601.21728] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_fcbb64efba6df328\kernel32.dll
[-] 2011-05-14 . 166116134C58DC36400DE59ACD64FB39 . 837632 . . [6.1.7601.17617] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_fc3b97c6a1491e16\kernel32.dll
[-] 2010-11-20 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[-] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\lpk.dll
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[-] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
.
[-] 2011-10-04 . E6D5C7E4AAC0C682169AA5021386EFF3 . 12273664 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[-] 2011-10-04 . E6D5C7E4AAC0C682169AA5021386EFF3 . 12273664 . . [9.00.8112.16434] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_922e2c22293367b8\mshtml.dll
[-] 2010-06-30 . BDFD710842C8A25DD27254D91DE60AC6 . 5971456 . . [8.00.7600.16625] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_9487db06e70c8c0a\mshtml.dll
[-] 2010-06-30 . 25C1646ADC24C371B594544C3D530967 . 5972992 . . [8.00.7600.20745] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_94fbd7fa003a63b6\mshtml.dll
.
[-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\SysWOW64\msvcrt.dll
[-] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[-] 2010-11-20 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
.
[-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[-] 2010-11-20 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
.
[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[-] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[-] 2010-11-20 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
.
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[-] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[-] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[-] 2010-11-20 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
.
[-] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[-] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
[-] 2011-10-04 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\SysWOW64\wininet.dll
[-] 2011-10-04 . 2C7332C222D1FE1FC57D622699A8C001 . 1126912 . . [9.00.8112.16434] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16434_none_1a60c72dbc1ecb51\wininet.dll
[-] 2011-06-21 . D1E7C4FA045B34C32D12BFBB415EBE1B . 981504 . . [8.00.7601.21754] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21754_none_1f0903a190553023\wininet.dll
[-] 2011-06-21 . 748FD4CAB1AFFD90A9556EB7D5AA1FEB . 981504 . . [8.00.7601.17638] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17638_none_1e9907d67723bdd3\wininet.dll
[-] 2011-04-22 . 7A11DB452989040AD8570A3DCE2E9DE2 . 981504 . . [8.00.7601.21710] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21710_none_1f30422990385b03\wininet.dll
[-] 2011-04-22 . 2CA020EACDC6DDB2BEA89FEA02C90945 . 981504 . . [8.00.7601.17601] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17601_none_1eb275947711b89f\wininet.dll
[-] 2011-03-07 . A5B19B240901CAB0C8E7767D2873613E . 981504 . . [8.00.7601.17573] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17573_none_1e68c4ce7748b1bd\wininet.dll
[-] 2011-03-07 . EDEB2904636B657782F824D8FF97D0B8 . 981504 . . [8.00.7601.21676] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21676_none_1ef5627790639d8c\wininet.dll
[-] 2010-11-20 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
[-] 2010-06-30 . 250267CE6217C1AB4517F22FB7EA13E8 . 978432 . . [8.00.7600.16625] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.16625_none_1cba761279f7efa3\wininet.dll
[-] 2010-06-30 . 91A9CCAD9829A89C840899932B9EC2DF . 980480 . . [8.00.7600.20745] .. c:\windows\SoftwareDistribution\Download.bak\1fea1bbc166b46c1fa606132d8ac5fd3\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7600.20745_none_1d2e73059325c74f\wininet.dll
.
[-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[-] 2010-11-20 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
.
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[-] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[-] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[-] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[-] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[-] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
[-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
[-] 2010-11-20 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
.
[-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\SysWOW64\usp10.dll
[-] 2010-11-20 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
.
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[-] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
.
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[-] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
[-] 2010-11-20 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll
.
[-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\msimg32.dll
[-] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[-] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
[-] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[-] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
[-] 2010-11-20 12:19 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[-] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
[-] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll
[-] 2010-11-20 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
.
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[-] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[-] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll
[-] 2010-11-20 12:20 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
.
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll
[-] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll
.
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
[-] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
[-] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
[-] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll
.
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7601.17514] .. c:\windows\SysWOW64\WSHTCPIP.DLL
[-] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL

**leifoet** · 20-07-13, 10:23

Combofix-logfile - deel 2

.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"pnusbclitray"="pnusbclitray.exe" [2010-04-14 67560]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-05-23 371896]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-12-12 655360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking10\Ereg.ini
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 lvzhmtrs;lvzhmtrs;c:\windows\system32\drivers\lvzhmtrs.sys;c:\windows\SYSNATIVE\drivers\lvzhmtrs.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltv64.sys;c:\windows\SYSNATIVE\drivers\urfltv64.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 pnusbd;Quest RDP USB Driver;c:\windows\system32\Drivers\pnusbd.sys;c:\windows\SYSNATIVE\Drivers\pnusbd.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS \avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS;c:\windows\SYSNATIVE\Drivers\N EOFLTR_710_19243.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 pnpnptool;Quest RDP PnP Driver;c:\windows\system32\Drivers\pnpnptool.sys;c:\windows\SYSNATIVE\Drivers\pnpnptool.sys [x]
S2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;c:\windows\system32\pnusbvirtualhubwssrv.exe;c:\windows\SYSNATIVE\pnusbvirtualhubwssrv.exe [x]
S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5v64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]
S3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\DRIVERS\covpnv64.sys;c:\windows\SYSNATIVE\DRIVERS\covpnv64.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-12 14:59]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc9738714475e7.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 15:52]
.
2013-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc973872374243.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-04 15:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mDefault_Page_URL = hxxp://www.telenet.be
mStart Page = hxxp://www.telenet.be
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Telenet Internet
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-MsMpSvc
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2836375764-1994310032-2609680467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2836375764-1994310032-2609680467-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
c:\program files (x86)\AVG\AVG PC TuneUp\OneClick.exe
.
**************************************************************************
.
Voltooingstijd: 2013-07-20 10:37:59 - machine werd herstart
ComboFix-quarantined-files.txt 2013-07-20 08:37
.
Pre-Run: 421.497.544.704 bytes beschikbaar
Post-Run: 421.050.417.152 bytes beschikbaar
.
- - End Of File - - 2349B467A5CCE51A76476EC932D5B731
5C616939100B85E558DA92B899A0FC36

**Emphyrio** · 20-07-13, 10:41

PC herstartten, daarna de DDS log posten

**leifoet** · 20-07-13, 12:31

Beste Emphyrio,

Hieronder tref je de gevraagd DDS-logfile.

Nade gevraagde (her)opstart van de laptop krijg ik volgende foutboodschap :
'Deze versie van Windows is niet legitiem - Security Essentials is uitgeschakeld.'
Ben verrast gezien deze computer werd aangekocht bij DELL - m.i. een (legaal) bedrijf dat legale software verkoopt... ?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by DRTR at 13:15:59 on 2013-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4091.2612 [GMT 2:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\pnusbvirtualhubwssrv.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
C:\Windows\SysWOW64\PNUSBCLITRAY.exe
C:\Windows\SysWOW64\PNTray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://www.telenet.be
mWindow Title = Telenet Internet
mDefault_Page_URL = hxxp://www.telenet.be
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
mRun: [pnusbclitray] pnusbclitray.exe
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://goto.monica.be/vdesk/terminal/InstallerControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {553AAF97-E49C-11D0-A303-0040C711066C} - file:///D:/backend/DicomObjectsLight.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://goto.monica.be/vdesk/terminal/urxshost.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\DRTIAR~1\AppData\Local\Temp\f5tmp\urxhost.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\75966496F51354 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\7796669643 : DHCPNameServer = 195.130.137.2 195.130.132.103
TCP: Interfaces\{373FF64F-EA13-4CD9-A689-E66C8229A890}\84A5A5 : DHCPNameServer = 195.130.131.3 195.130.130.131
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-24 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-5-17 93272]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);C:\Windows\System32\drivers\NEOFLTR_710_19243.SYS [2012-7-27 99152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-24 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-7 167424]
R2 pnpnptool;Quest RDP PnP Driver;C:\Windows\System32\drivers\pnpnptool.sys [2010-7-18 50760]
R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\System32\pnusbvirtualhubwssrv.exe [2010-7-18 501064]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-12-14 2148816]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Acceler.sys [2009-12-24 23912]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-24 5435904]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\System32\drivers\o2mdgx64.sys [2009-12-24 69152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2009-10-10 41232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\System32\drivers\a38usb.sys [2010-2-16 44672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-24 172704]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2011-4-15 18448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 pnusbd;Quest RDP USB Driver;C:\Windows\System32\drivers\pnusbd.sys [2010-7-18 37320]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-24 215040]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-7 59392]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-31 1255736]
.
=============== Created Last 30 ================
.
2013-07-20 08:25:38 -------- d-----w- C:\$RECYCLE.BIN
2013-07-20 07:09:57 98816 ----a-w- C:\Windows\sed.exe
2013-07-20 07:09:57 256000 ----a-w- C:\Windows\PEV.exe
2013-07-20 07:09:57 208896 ----a-w- C:\Windows\MBR.exe
2013-07-17 10:34:16 35792 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-07-17 10:34:10 27088 ----a-w- C:\Windows\System32\authuitu.dll
2013-07-17 10:34:08 22480 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-07-17 10:33:33 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG
2013-07-17 10:33:01 -------- d-----w- C:\ProgramData\AVG
2013-07-17 10:29:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iTunes
2013-07-17 10:29:28 -------- d-----w- C:\Program Files\iPod
2013-07-17 10:29:28 -------- d-----w- C:\Program Files (x86)\iTunes
2013-07-17 10:29:04 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-17 10:20:57 -------- d-----w- C:\Users\DRTR\AppData\Roaming\AVG2013
2013-07-17 10:18:04 -------- d-----w- C:\Users\DRTR\AppData\Roaming\TuneUp Software
2013-07-17 10:16:50 -------- d-----w- C:\ProgramData\AVG2013
2013-07-17 10:16:50 -------- d-----w- C:\$AVG
2013-07-17 10:15:17 -------- d-----w- C:\Program Files (x86)\AVG
2013-07-17 10:12:42 -------- d--h--w- C:\ProgramData\Common Files
2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\MFAData
2013-07-17 10:12:42 -------- d-----w- C:\Users\DRTR\AppData\Local\Avg2013
2013-07-17 10:12:42 -------- d-----w- C:\ProgramData\MFAData
2013-07-13 17:31:04 -------- d-----w- C:\ProgramData\F-Secure
2013-07-11 10:33:54 -------- d-----w- C:\Users\DRTR\AppData\Local\ElevatedDiagnostics
2013-06-26 06:24:18 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\offreg.dll
2013-06-24 16:18:55 -------- d-----w- C:\Users\DRTR\AppData\Local\{6EE54F6F-E5BA-4F0D-AC55-72D096FA29B2}
2013-06-22 18:39:46 -------- d-----w- C:\OutputFolder
2013-06-22 18:39:45 -------- d-----w- C:\Users\DRTR\AppData\Roaming\Digiarty
2013-06-22 18:32:17 -------- d-----w- C:\Users\DRTR\AppData\Local\MacGo
2013-06-20 17:23:13 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{55B805FB-408C-4723-A68A-76C94E684CFD}\mpengine.dll
.
==================== Find3M ====================
.
2013-06-27 14:59:52 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 14:59:52 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 13:16:12,23 ===============

Quid volgende stap ?
Dank en groeten,
Leifoet

**Emphyrio** · 20-07-13, 12:38

Er is idd één en ander loos.
.

Download PC Info naar je bureaublad.
Unzip en klik op SetupPC Info.
Doorloop het installatieproces.

.
Dubbelklik op PC Info.
De scanning wordt nu ingezet...
Na de scanning selecteer je de tab: Logs
Vervolgens check je uitsluitend deze items:
.

Software
Hardware
Software Installed List
Startup List
Running Processes
Expert Mode
Sig Check
Registry Scan
Services

.
Klik nu op 'Create a log' kopieer en plak deze in je volgende posting.

**leifoet** · 20-07-13, 16:31

Beste Emphyrio,

Hieronder tref je de PC-Info-log.
'Sig Check' kon ik niet aanvinken.
Groeten - Leifoet

PC Info vs 2.0.1.5 © 2011-2013 Onsia Patrick (Emphyrio)
20/7/2013 17:16:31
Boot Status: Normal boot

==================== OS INFO ====================================

OS version : Windows 7
Edition : Home Premium
Service Pack : 1
Build version : 6.1.7601.65536
Windows OS Bits : 64 *

Update detected : 2011-10-05 07:35:42
Update downloaded : 2011-10-05 07:37:40
Update installed : 2011-10-04 14:46:52

==================== GENERAL INFO ===============================

Windows Directory : C:\Windows
User Profile : C:\Users\DRTR
Java Version : 1.6.0_14
Antivirus : AVG Anti-Virus 2013 [Updated - Running ]
Anti Spam : AVG Anti-Virus 2013 [Updated - Running ]
Firewall : Windows Firewall

==================== HARDWARE ===================================

GenuineIntel Intel64 Family 6 Model 23 Stepping 10
Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz

Mainboard : Dell Inc.

Model : Studio 1745

Bios Version : A02 (Dell Inc.)

RAM Present : 4091 MB / 4 GB
RAM Free : 2507 Mb ( 61 % Free )

Videocard : ATI Mobility Radeon HD 4650
Memory : 1024Mb
Driver version : 8.631.0.0

==================== APP LIST ===================================

C:\ Fixed - OS - NTFS - 451 Gb (Free : 401468 Mb / 392 Gb )

==================== INSTALLED SOFTWARE LIST ====================

Update for Microsoft Office 2007 (KB2508958)
Adobe AIR 3.5.0.880
Adobe Flash Player 11 ActiveX 11.7.700.224
Adobe Flash Player 11 Plugin 11.7.700.224
Adobe Reader XI (11.0.02) - Nederlands 11.0.02
Advanced Audio FX Engine 1.12.05
Apple Application Support 2.3.4
Apple Mobile Device Support 6.1.0.13
Apple Software Update 2.1.3.127
ATI Catalyst Control Center 2.009.0625.1811
AVG 2013 13.0.2904
AVG 2013 13.0.3204
AVG 2013 2013.0.2904
AVG PC TuneUp 12.0.4010.19
AVG PC TuneUp Language Pack (nl-NL) 12.0.4010.19
Belgium e-ID middleware 3.5.3 (build 6193) 3.5.6193
Bonjour 3.0.0.10
Catalyst Control Center - Branding 1.00.0000
Catalyst Control Center Core Implementation 2009.0625.1812.30825
Catalyst Control Center Graphics Full Existing 2009.0625.1812.30825
Catalyst Control Center Graphics Full New 2009.0625.1812.30825
Catalyst Control Center Graphics Light 2009.0625.1812.30825
Catalyst Control Center Graphics Previews Common 2009.0625.1812.30825
Catalyst Control Center Graphics Previews Vista 2009.0625.1812.30825
Catalyst Control Center InstallProxy 2009.0625.1812.30825
Catalyst Control Center Localization All 2009.0625.1812.30825
ccc-core-static 2009.0625.1812.30825
ccc-utility64 2009.0625.1812.30825
CCC Help Chinese Standard 2009.0625.1811.30825
CCC Help Chinese Traditional 2009.0625.1811.30825
CCC Help Danish 2009.0625.1811.30825
CCC Help Dutch 2009.0625.1811.30825
CCC Help English 2009.0625.1811.30825
CCC Help Finnish 2009.0625.1811.30825
CCC Help French 2009.0625.1811.30825
CCC Help German 2009.0625.1811.30825
CCC Help Italian 2009.0625.1811.30825
CCC Help Japanese 2009.0625.1811.30825
CCC Help Korean 2009.0625.1811.30825
CCC Help Norwegian 2009.0625.1811.30825
CCC Help Portuguese 2009.0625.1811.30825
CCC Help Russian 2009.0625.1811.30825
CCC Help Spanish 2009.0625.1811.30825
CCC Help Swedish 2009.0625.1811.30825
CCleaner 4.00
Citrix Authentication Manager 2.0.0.41479
Citrix Receiver 13.1.201.3
Citrix Receiver (HDX Flash Redirection) 13.1.201.3
Citrix Receiver Inside 3.2.0.5844
Citrix Receiver(Aero) 13.1.201.3
Citrix Receiver(DV) 13.1.201.3
Citrix Receiver(USB) 13.1.201.3
D3DX10 15.4.2368.0902
Dell Dock 2.0.0
Dell Edoc Viewer 1.0.0
Dell Getting Started Guide 1.00.0000
Dell Support Center (Support Software) 2.5.09100
Dell Webcam Central 1.40.05
Dragon NaturallySpeaking 10 10.10.400
Google Earth Plug-in 7.0.3.8542
Google Update Helper 1.3.21.153
HTC BMP USB Driver 1.0.5375
HTC Driver Installer 4.0.1.001
HTC Sync 3.3.21
Intel® Matrix Storage Manager
IPTInstaller 4.0.8
iTunes 11.0.4.4
Java(TM) 6 Update 14 (64-bit) 6.0.140
Java(TM) 6 Update 24 6.0.240
Juniper Networks Secure Application Manager 7.1.0.19243
Juniper Networks Setup Client Activex Control 2.1.1.1
Junk Mail filter update 15.4.3502.0922
Live! Cam Avatar Creator 4.6.3009.1
Malwarebytes Anti-Malware versie 1.75.0.1300 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 1.1.4322
Microsoft .NET Framework 1.1 Hotfix (KB899511)
Microsoft .NET Framework 4 Client Profile 4.0.30319
Microsoft .NET Framework 4 Client Profile NLD Language Pack 4.0.30319
Microsoft Antimalware 3.0.8402.2
Microsoft Antimalware Service NL-NL Language Pack 3.0.8402.2
Microsoft Application Error Reporting 12.0.6015.5000
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Converter Pack 11.0.0.0
Microsoft Office Excel MUI (Dutch) 2007 12.0.6425.1000
Microsoft Office File Validation Add-In 14.0.5130.5003
Microsoft Office Home and Student 2007 12.0.6425.1000
Microsoft Office Office 64-bit Components 2007 12.0.6425.1000
Microsoft Office OneNote MUI (Dutch) 2007 12.0.6425.1000
Microsoft Office PowerPoint MUI (Dutch) 2007 12.0.6425.1000
Microsoft Office Proof (Dutch) 2007 12.0.6425.1000
Microsoft Office Proof (English) 2007 12.0.6425.1000
Microsoft Office Proof (French) 2007 12.0.6425.1000
Microsoft Office Proof (German) 2007 12.0.6425.1000
Microsoft Office Proofing (Dutch) 2007 12.0.4518.1017
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared 64-bit MUI (Dutch) 2007 12.0.6425.1000
Microsoft Office Shared MUI (Dutch) 2007 12.0.6425.1000
Microsoft Office Word MUI (Dutch) 2007 12.0.6425.1000
Microsoft Search Enhancement Pack 3.0.133.0
Microsoft Security Client 2.1.1116.0
Microsoft Security Client NL-NL Language Pack 2.1.1116.0
Microsoft Security Essentials 2.1.1116.0
Microsoft Silverlight 4.0.60531.0
Microsoft SQL Server 2005 Compact Edition [ENU] 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable - KB2467175 8.0.51011
Microsoft Visual C++ 2005 Redistributable 8.0.58299
Microsoft Visual C++ 2005 Redistributable 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 10.0.40219
MSVCRT 15.4.2862.0708
MSVCRT_amd64 15.4.2862.0708
MSXML 4.0 SP2 (KB954430) 4.20.9870.0
MSXML 4.0 SP2 (KB973688) 4.20.9876.0
MSXML 4.0 SP3 Parser 4.30.2100.0
Online Plug-in 13.1.201.3
PC Info 2.0.15
Philips Device Control Center 2.7.240.15
PowerDVD DX 8.3.5424
Quickset64 9.6.6
Roxio Burn 1.01
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906) 2.1.0.2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) 1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) 1
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663) 1
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870) 1
Self-service Plug-in 3.2.0.24226
Skins 2009.0625.1812.30825
Synaptics Pointing Device Driver 13.2.2.2
Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD 4.0.30319
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) 1
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) 1
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) 1
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) 10.20.200
Visual Studio 2010 x64 Redistributables 13.0.0.1
vWorkspace Web Client 7.1.358
Windows Live Communications Platform 15.4.3502.0922
Windows Live Essentials 15.4.3502.0922
Windows Live Essentials 15.4.3555.0308
Windows Live ID Sign-in Assistant 7.250.4232.0
Windows Live Installer 15.4.3502.0922
Windows Live Language Selector 15.4.3555.0308
Windows Live Mail 15.4.3502.0922
Windows Live Messenger 15.4.3538.0513
Windows Live MIME IFilter 15.4.3502.0922
Windows Live Movie Maker 15.4.3502.0922
Windows Live Photo Common 15.4.3502.0922
Windows Live Photo Gallery 15.4.3502.0922
Windows Live PIMT Platform 15.4.3508.1109
Windows Live SOXE 15.4.3502.0922
Windows Live SOXE Definitions 15.4.3502.0922
Windows Live Sync 14.0.8089.726
Windows Live UX Platform 15.4.3502.0922
Windows Live UX Platform Language Pack 15.4.3508.1109
Windows Live Writer 15.4.3502.0922
Windows Live Writer Resources 15.4.3502.0922

==================== STARTUP LIST Enabled========================

------- Local 32/64 HKLM DRTR------------

StartCCC : "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
PDVDDXSrv : "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
Dell Webcam Central : "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
Desktop Disc Tool : "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
DellSupportCenter : "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
beid : "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
pnusbclitray : pnusbclitray.exe
:
SSBkgdUpdate : "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
ISUSScheduler : "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
APSDaemon : "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
ConnectionCenter : "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
HTC Sync Loader : "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
Adobe ARM : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AVG_UI : "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

------- Local [HKLM] DRTR------------

SynTPEnh : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SysTrayApp : C:\Program Files\IDT\WDM\sttray64.exe
IAAnotif : C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSC : "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

------- Current User [HKCU] DRTR------------

ISUSPM Startup : C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

==================== RUNNING PROCESSES ==========================

RoxioBurnLauncher ID = 3920 Path: C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
htcUPCTLoader ID = 3328 Path: C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
WebcamDell2 ID = 3908 Path: C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PDVDDXSrv ID = 3884 Path: C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
sttray64 ID = 3488 Path: C:\Program Files\IDT\WDM\sttray64.exe
CCC ID = 4272 Path: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
iexplore ID = 4468 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
MOM ID = 3940 Path: c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
SynTPHelper ID = 3856 Path: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
msseces ID = 3652 Path: C:\Program Files\Microsoft Security Client\msseces.exe
csrss ID = 696 Path: C:\Windows\system32\csrss.exe
PNUSBCLITRAY ID = 4044 Path: C:\Windows\SysWOW64\PNUSBCLITRAY.exe
SynTPEnh ID = 3452 Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
explorer ID = 2856 Path: C:\Windows\Explorer.EXE
concentr ID = 3052 Path: C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
iexplore ID = 2456 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
splwow64 ID = 5080 Path: C:\Windows\splwow64.exe
SelfServicePlugin ID = 4604 Path: C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
pntray ID = 2824 Path: C:\Windows\SysWOW64\PNTray.exe
atieclxx ID = 1444 Path: C:\Windows\system32\atieclxx.exe
Receiver ID = 852 Path: C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
iexplore ID = 4984 Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
beid35gui ID = 3992 Path: C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe
issch ID = 3096 Path: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
IAAnotif ID = 3532 Path: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
dwm ID = 2792 Path: C:\Windows\system32\Dwm.exe
TuneUpUtilitiesApp64 ID = 4168 Path: C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
PC Info ID = 5184 Path: C:\Program Files (x86)\E Dev\PC Info\PC Info.exe
winlogon ID = 808 Path: C:\Windows\system32\winlogon.exe
avgui ID = 3368 Path: C:\Program Files (x86)\AVG\AVG2013\avgui.exe
sprtcmd ID = 3948 Path: C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
wfcrun32 ID = 5320 Path: C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

==================== REG SCAN ===================================

Empthy keys and/or values aren't logged !

==================== SESSION MANAGER ============================

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
BootExecute = autocheck autochk *

==================== WINLOGON ===================================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Userinit = C:\Windows\system32\userinit.exe,
Shell = Explorer.exe

==================== ShellServiceObjectDelayLoad ================

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
File in HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\

==================== Shell Extensions\Approved ==================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck
{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
File in HKCR\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\Windows\System32\webcheck.dll

==================== Shell Extensions\Approved WOW 6432 =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck

==================== SharedTaskScheduler ========================

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\Windows\system32\explorerframe.dll

==================== RUN KEYS====================================

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ISUSPM Startup = C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IAAnotif = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
AVG_UI = "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
beid = "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
ConnectionCenter = "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Dell Webcam Central = "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
DellSupportCenter = "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
Desktop Disc Tool = "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
HTC Sync Loader = "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
ISUSScheduler = "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
PDVDDXSrv = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
pnusbclitray = pnusbclitray.exe
SSBkgdUpdate = "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
StartCCC = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

==================== vVv Krepper Trojan Pointers vVv ============

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

==================== RUN SERVICES ===============================

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

==================== Shell Folder ===============================

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup = C:\Users\DRTR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

==================== DLL Loaded =================================

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

RequireSignedAppInit_DLLs = 0x00000001
( 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.)

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

==================== ShellExecuteHooks ==========================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks

==================== Command Processor ==========================

HKLM\Software\Microsoft\Command Processor
HKCU\Software\Microsoft\Command Processor

==================== BROWSER HELPER OBJECTS =====================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

{9030D464-4C02-4ABF-8ECC-5164760863C6} = Windows Live ID Sign-in Helper
AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
File in HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
= C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
--------------------------------------------------------------------
{DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
File in HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
= C:\Program Files\Java\jre6\bin\jp2ssv.dll
--------------------------------------------------------------------

==================== BHO - CLSID Wow6432Node ====================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} = Adobe PDF Link Helper
AppID = {77AB4812-5411-4EA9-8437-77AD0F230302}
File in HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32\
= C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

--------------------------------------------------------------------
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} = Search Helper
File in HKCR\Wow6432Node\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\InProcServer32\
= C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

--------------------------------------------------------------------
{9030D464-4C02-4ABF-8ECC-5164760863C6} = Aanmeldhulp voor Windows Live ID
AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
File in HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
= C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

--------------------------------------------------------------------
{DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
File in HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
= C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

--------------------------------------------------------------------

==================== TOOLBAR ====================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

# Not exist #

==================== TOOLBAR - Wow6432Node ======================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

==================== URL SEARCH HOOKS ===========================

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

==================== SAFE BOOT ==================================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

AlternateShell = cmd.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

{533C5B84-EC70-11D2-9505-00C04F79DEAF}
= Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
= IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
= SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
= SecurityDevices

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

{50DD5230-BA8A-11D1-BF5D-0000F805F530}
= Smart card readers{533C5B84-EC70-11D2-9505-00C04F79DEAF}
= Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
= IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
= SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
= SecurityDevicesDnsCache
= ServiceWudfPf
= DriverWudfRd
= DriverWudfSvc
= ServiceWudfUsbccidDriver
= Driver

==================== DESKTOP ====================================

HKCU\Control Panel\Desktop

ScreenSaveActive = 1
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

==================== SECURITYPROVIDERS ==========================

HKLM\system\currentcontrolset\control\securityproviders

SecurityProviders = credssp.dll
File in C:\Windows\System32\credssp.dll 22016 bytes [ 7/06/2011 12:30:10 ]

==================== SERVICES ===================================

Service without a value in ImagePath or 'svchost.exe -k' aren't logged !

HKLM\SYSTEM\CurrentControlSet\Services

*** Win32OwnProcess ***

R2 - AdobeARMservice - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
S3 - AdobeFlashPlayerUpdateSvc - Adobe Flash Player Update Service - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S3 - ALG - Application Layer Gateway Service - C:\Windows\System32\alg.exe
R2 - AMD External Events Utility - AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
R2 - Apple Mobile Device - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - AVGIDSAgent - AVGIDSAgent - "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe"
R2 - avgwd - AVG WatchDog - "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe"
R2 - Bonjour Service - Bonjour-service - "C:\Program Files\Bonjour\mDNSResponder.exe"
S4 - clr_optimization_v2.0.50727_32 - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - clr_optimization_v2.0.50727_64 - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S2 - clr_optimization_v4.0.30319_32 - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - clr_optimization_v4.0.30319_64 - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
S3 - COMSysApp - COM+ System Application - C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R2 - DockLoginService - Dock Login Service - C:\Program Files\Dell\DellDock\DockLogin.exe
S3 - ehRecvr - Windows Media Center Receiver Service - C:\Windows\ehome\ehRecvr.exe
S3 - ehSched - Windows Media Center Scheduler Service - C:\Windows\ehome\ehsched.exe
S3 - Fax - Fax - C:\Windows\system32\fxssvc.exe
S3 - FontCache3.0.0.0 - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S2 - gupdate - Google Updateservice (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
S3 - gupdatem - Google Update-service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
R2 - IAANTMON - Intel(R) Matrix Storage Event Monitor - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
S3 - iPod Service - iPod-service - "C:\Program Files\iPod\bin\iPodService.exe"
S3 - MSDTC - Distributed Transaction Coordinator - C:\Windows\System32\msdtc.exe
R3 - msiserver - Windows Installer - C:\Windows\system32\msiexec.exe /V
R2 - O2FLASH - O2FLASH - C:\Windows\system32\DRIVERS\o2flash.exe
S3 - odserv - Microsoft Office Diagnostics Service - "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 - ose - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
R2 - PassThru Service - Internet Pass-Through Service - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
S3 - PerfHost - Performance Counter DLL Host - C:\Windows\SysWow64\perfhost.exe
S2 - pnusbvirtualhubwssrv - Quest USB Hub Client Service - C:\Windows\system32\pnusbvirtualhubwssrv.exe
S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\Windows\system32\locator.exe
R2 - SeaPort - SeaPort - "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
S3 - SNMPTRAP - SNMP Trap - C:\Windows\System32\snmptrap.exe
S2 - sppsvc - Software Protection - C:\Windows\system32\sppsvc.exe
S2 - STacSV - Audio Service - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.e xe
S3 - TrustedInstaller - Windows Modules Installer - C:\Windows\servicing\TrustedInstaller.exe
R2 - TuneUp.UtilitiesSvc - AVG PC TuneUp Service - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe"
S3 - vds - Virtual Disk - C:\Windows\System32\vds.exe
S3 - VSS - Volume Shadow Copy - C:\Windows\system32\vssvc.exe
S3 - WatAdminSvc - Windows Activation Technologies-service - C:\Windows\system32\Wat\WatAdminSvc.exe
S3 - wbengine - Block Level Backup Engine Service - "C:\Windows\system32\wbengine.exe"
R2 - wlidsvc - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
S3 - wmiApSrv - WMI Performance Adapter - C:\Windows\system32\wbem\WmiApSrv.exe
R2 - WMPNetworkSvc - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"
S2 - WSearch - Windows Search - C:\Windows\system32\SearchIndexer.exe /Embedding

*** Win32ShareProcess ***

S3 - EFS - Encrypting File System (EFS) - C:\Windows\System32\lsass.exe
S3 - idsvc - Windows CardSpace - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
R3 - KeyIso - CNG Key Isolation - C:\Windows\system32\lsass.exe
S3 - Netlogon - Netlogon - C:\Windows\system32\lsass.exe
S4 - NetTcpPortSharing - Net.Tcp Port Sharing Service - "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
S3 - ProtectedStorage - Protected Storage - C:\Windows\system32\lsass.exe
R2 - SamSs - Security Accounts Manager - C:\Windows\system32\lsass.exe
S3 - VaultSvc - Credential Manager - C:\Windows\system32\lsass.exe

*** Other ***

R0 - Avgmfx64 - AVG Mini-Filter Resident Anti-Virus Shield - \SystemRoot\system32\DRIVERS\avgmfx64.sys
R0 - Avgrkx64 - AVG Anti-Rootkit Driver - \SystemRoot\system32\DRIVERS\avgrkx64.sys
R3 - bowser - Stuurprogramma voor browserondersteuning - system32\DRIVERS\bowser.sys
S4 - cdfs - CD/DVD File System Reader - system32\DRIVERS\cdfs.sys
R1 - DfsC - DFS Namespace Client Driver - System32\Drivers\dfsc.sys
R0 - FileInfo - File Information FS MiniFilter - \SystemRoot\system32\drivers\fileinfo.sys
S3 - Filetrace - Filetrace - system32\drivers\filetrace.sys
R0 - FltMgr - FltMgr - \SystemRoot\system32\drivers\fltmgr.sys
S3 - FsDepends - File System Dependency Minifilter - System32\drivers\FsDepends.sys
R2 - luafv - Virtualisatie van UAC-bestanden - \SystemRoot\system32\drivers\luafv.sys
R1 - MpFilter - Microsoft Malware Protection Driver - system32\DRIVERS\MpFilter.sys
S3 - MRxDAV - WebDav Client Redirector-stuurprogramma - \SystemRoot\system32\drivers\mrxdav.sys
R3 - mrxsmb - Wrapper en engine SMB mini-redirector - system32\DRIVERS\mrxsmb.sys
R3 - mrxsmb10 - SMB 1.x mini-redirector - system32\DRIVERS\mrxsmb10.sys
R3 - mrxsmb20 - SMB 2.0 mini-redirector - system32\DRIVERS\mrxsmb20.sys
R0 - Mup - Mup - \SystemRoot\System32\Drivers\mup.sys
R1 - NetBIOS - NetBIOS Interface - system32\DRIVERS\netbios.sys
R1 - rdbss - Omgeleid bufferingsubsysteem - system32\DRIVERS\rdbss.sys
R2 - Spooler - Print Spooler - C:\Windows\System32\spoolsv.exe
R2 - sprtsvc_DellSupportCenter - SupportSoft Sprocket Service (DellSupportCenter) - "C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter
R3 - srv - Stuurprogramma Server SMB 1.xxx - System32\DRIVERS\srv.sys
R3 - srv2 - Stuurprogramma Server SMB 2.xxx - System32\DRIVERS\srv2.sys
R3 - srvnet - srvnet - System32\DRIVERS\srvnet.sys
S4 - udfs - udfs - system32\DRIVERS\udfs.sys
S3 - UI0Detect - Interactive Services Detection - C:\Windows\system32\UI0Detect.exe
S3 - WimFltr - WimFltr - system32\DRIVERS\wimfltr.sys
S3 - WIMMount - WIMMount - system32\drivers\wimmount.sys

==================== WOW-CMDLINE ================================

HKLM\SYSTEM\CurrentControlSet\Control\WOW
cmdline = C:\Windows\system32\ntvdm.exe

==================== SVCHOST (White Listed) ==================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

All ok

==================== WOW-SVCHOST ================================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost

All ok
==================== INTERFACES =================================

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

{373FF64F-EA13-4CD9-A689-E66C8229A890}
====================*============================================

{3EEE8E33-6305-4B7C-A92F-101237FC8F78}
====================*============================================

{846ee342-7039-11de-9d20-806e6f6e6963}
====================*============================================

{92ABA403-BB04-4854-8D4C-516DA7B4A76B}
====================*============================================

==================== SEARCHSCOPES ===============================

HKCU\Software\Microsoft\Internet Explorer\SearchScopes

DefaultScope : {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7GGLL_nlBE361
====================*============================================

{A5E186A6-011D-4D95-87B4-F77D2FA9F303}
URL :
====================*============================================

HKLM\Software\Microsoft\Internet Explorer\SearchScopes

DefaultScope :

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL :
--------------------------------------------------------------------
{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
--------------------------------------------------------------------
{D03163B6-1F34-4E2B-A478-C5B67266E198}
URL : http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
--------------------------------------------------------------------

==================== Job files ==================================

There are no .job files found.
=================================================================

Log finished at 20/07/2013 17:16:33
Thanks for using PC Info...

==================== END ========================================

**Emphyrio** · 20-07-13, 16:42

Prima

Volgende te verwijderen tools staan in je software lijst:
.

AVG PC TuneUp 12.0.4010.19
AVG PC TuneUp Language Pack (nl-NL) 12.0.4010.19
Java(TM) 6 Update 14 (64-bit) 6.0.140
Java(TM) 6 Update 24 6.0.240

.
Deze kan je verwijderen via "Programma's en onderdelen".
De onderdelen selecteren en verwijderen kiezen.

Als je dat hebt gedaan herstart je je pc.

Vervolgens download je bijgevoegde batch (look.bat) naar je bureaublad.
Rechtsklik erop, uitvoeren als Admin en post de log die verschijnt.

Opmerking: Ik lees dat de laatste update die op deze pc geinstalleert werdt dateert van 2011 ?

Update installed : 2011-10-04 14:46:52

Het probleem was dan reeds langer aanwezig.

**leifoet** · 20-07-13, 17:09

Beste Emphyrio,

Hieronder tref je de gevraagde logfile.
Deze laptop was een aantal jaren quasi onbeveiligd - vermoedelijke oorzaak van alle ellende.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc
DisplayName REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1001
ImagePath REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k NetworkService
Description REG_SZ @%SystemRoot%\system32\cryptsvc.dll,-1002
ObjectName REG_SZ NT Authority\NetworkService
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x2
Type REG_DWORD 0x20
DependOnService REG_MULTI_SZ RpcSs
ServiceSidType REG_DWORD 0x1
RequiredPrivileges REG_MULTI_SZ SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege
FailureActions REG_BINARY 80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\cryptsvc.dll
ServiceMain REG_SZ CryptServiceMain
ServiceDllUnloadOnStop REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security
Security REG_BINARY 00000E0001

present

Groeten, Leifoet

**Emphyrio** · 20-07-13, 17:16

Ok, dat verklaard natuurlijk een en ander

.

Maak een nieuwe map aan op je bureaublad.
Download Complete Internet Repair x64
en sla deze op in de juist aangemaakte nieuwe map.
Pak alle bestanden uit.
Open CIntRep
rechtsklik ->Uitvoeren als Administrator.
Het programma wordt gestart, selecteer de onderstaande vakjes:
[
Druk op Go.

Onderaan vind je een logfile. Post deze.
Laat me tevens weten of er een reparatie heeft plaats gevonden,

**leifoet** · 20-07-13, 17:46

Beste Emphyrio,

Heb CIntRep64 (=juiste ?) gedraaid - logfile is m.i. moeilijk te 'vangen' - kan ze niet volledig kopiëren of doe ik iets verkeerd ? reboot uitgevoerd - nogmaals geprobeerd om logfile te kopieren ....

--> Restoring the default Windows HOSTS file, Please wait.....
--> Writing data to the HOSTS file.....
--> HOSTS file created successfully.
--> You will need to reboot your computer before the settings will take effect.
--> Reboot Canceled.

Updating werkt (nog) niet - krijg nog steeds de meding dat Windows Securities niet werkt omwille van illegale software.

Groeten, Leifoet

Mededeling

Windows 7 Update e.a. werken niet meer

Windows 7 Update e.a. werken niet meer

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment